figma

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly fetches and ingests content from third-party Figma data (see SKILL.md "Popular actions" entries like Get File, Get File Nodes, Get Comments and the "Proxy requests" section allowing arbitrary Figma API paths), which are user-generated/untrusted and the agent is expected to read and act on that content as part of its workflow, creating a clear vector for indirect prompt injection.